OIDC Error Messages Users May Encounter

See the following table for information about error messages that you may encounter when using OIDC, and how to resolve them.

Each entry lists the Error Message, followed by the Problem and the Resolution.

There is a problem with the OpenID Connect (OIDC) configuration. Contact your administrator.

Causes of this error could be:

  • The OIDC feature is enabled, but the OIDC configuration in NetSuite has not been set up, is incomplete, or is malformed.

To resolve this error:

The OpenID Connect (OIDC) Single Sign-on feature is not enabled in this account. Contact your administrator.

Causes of this error could be:

  • The OIDC feature is not enabled.

  • The OIDC feature is enabled, but your OIDC setup is not complete in NetSuite.

To resolve this error:

The user <email address> does not exist. Contact your administrator to provision the user.

Causes of this error could be:

  • The user successfully authenticated at the OP, but the user does not exist in NetSuite.

To resolve this error, a user with an Administrator role may do the following:

The user <email address> does not have an assigned role. Contact your administrator.

Causes of this error could be:

  • The user successfully authenticated at the OP, and the user exists in NetSuite, but the user does not have a role assigned in NetSuite.

To resolve this error, a user with an Administrator role may do the following:

The user <email address> does not have a role with OpenID Connect (OIDC) permission. Contact your administrator.

Causes of this error could be:

  • The user successfully authenticated at the OP, and the user exists in NetSuite, but the user does not have a role with the OpenID Connect (OIDC) Single Sign-on permission assigned in NetSuite.

To resolve this error, a user with an Administrator role may do the following:

The user <email address> has an email domain name which is not permitted to access <account name> by OpenID Connect (OIDC) Single Sign-on. Contact your administrator.

Causes of this error could be:

  • The user successfully authenticated at the OP, and the user exists in NetSuite, but the user’s email domain name is not in the list of allowed domain names that can access your NetSuite account.

To resolve this error, a user with an Administrator role may do the following:

  • If the user’s email address is from a domain that should be able to access NetSuite, go to Setup > Integration > Manage Authentication > OpenID Connect (OIDC) Single Sign-on. Enter the user’s email domain in the comma-separated list in the Allowed Email Domains field. See Configure OpenID Connect (OIDC) in NetSuite.

On the Insufficient Permissions page, users may encounter the following error message:

The role <role name> <email address> you selected does not have OpenID Connect (OIDC) Single Sign-on permission. Contact your administrator.

Causes of this error could be:

  • The user is attempting to access NetSuite with a role that does not have the OpenID Connect (OIDC) Single Sign-on permission.

To resolve this error:

On the Access Disabled page, users may encounter the following error message:

Login access has been disabled for this role.

Causes of this error could be:

  • The user is inactive.

  • The role is inactive.

To resolve this error:

  • Verify that the user is active.

  • Verify that the role is active.

See Resolving the Login Access Has Been Disabled Error.
